Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Imports System.Data
- Imports System.Data.OleDb
- Imports System.Data.SqlClient
- Imports System.Text.RegularExpressions
- Partial Class inputvalidationMaster
- Inherits System.Web.UI.MasterPage
- ' LOGIN BUTTON
- Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogin.Click
- Dim connAuthenticate As New SqlConnection
- connAuthenticate.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings("cis491ConnectionString").ConnectionString
- connAuthenticate.Open()
- Dim strSQL As String = "SELECT * FROM Students WHERE Username = '" & tbUsername.Text & "' and Password = '" & tbPassword.Text & "'"
- Dim drAuthenticate As SqlDataReader
- Dim cmdAuthenticate As New SqlCommand(strSQL, connAuthenticate)
- drAuthenticate = cmdAuthenticate.ExecuteReader()
- If drAuthenticate.Read() Then
- lblLogin.Text = "Welcome! "
- sqlDSGradesUser.SelectCommand = "SELECT * FROM Grades WHERE StudentID = " & drAuthenticate.Item("StudentID")
- sqlDSGradesUser.DataBind()
- gvGradesUser.DataBind()
- sqlDSStudentsAll.SelectCommand = "SELECT * FROM Students"
- gvStudentsAll.DataBind()
- sqlDSGradesAll.SelectCommand = "SELECT * FROM Grades"
- gvGradesAll.DataBind()
- gvGradesUser.Visible = True
- gvStudentsAll.Visible = False
- gvGradesAll.Visible = False
- lblGradesUser.Visible = True
- lblStudentsAll.Visible = False
- lblGradesAll.Visible = False
- lblSQLStatement.Visible = True
- lblSQL.Text = strSQL
- Else
- lblLogin.Text = "Login Failed."
- End If
- End Sub
- ' RESET BUTTON
- Protected Sub btnReset_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnReset.Click
- tbUsername.Text = ""
- tbPassword.Text = ""
- lblLogin.Text = ""
- lblSQL.Text = ""
- MessageLabel.Text = ""
- MessageLabel2.Text = ""
- gvGradesUser.Visible = False
- gvStudentsAll.Visible = False
- gvGradesAll.Visible = False
- lblGradesUser.Visible = False
- lblStudentsAll.Visible = False
- lblGradesAll.Visible = False
- lblSQLStatement.Visible = False
- End Sub
- 'VALIDATION
- Protected Sub SubmitButton_Click(sender As Object, e As EventArgs)
- ' Determine which button was clicked.
- Select Case (CType(sender, Button)).ID
- Case "btnLogin"
- MessageLabel.Text = ""
- MessageLabel2.Text = ""
- ' Validate only the controls used for the city query.
- reqName.Validate()
- If reqName.IsValid Then
- reqPass.Validate()
- If reqPass.IsValid Then
- MessageLabel.Text = "Thanks for being ethical."
- End If
- End If
- Case "blacklistbutton"
- MessageLabel.Text = ""
- MessageLabel2.Text = ""
- ' Validate only the controls used for the state query.
- blacklistuser.Validate()
- ' Take the appropriate action if the controls pass validation.
- If blacklistuser.IsValid Then
- blacklistpass.Validate()
- If blacklistpass.IsValid Then
- MessageLabel.Text = "Thanks for being ethical."
- End If
- End If
- Case "whitelistbutton"
- MessageLabel.Text = ""
- MessageLabel2.Text = ""
- ' Validate only the controls used for the state query.
- whitelistuser.Validate()
- ' Take the appropriate action if the controls pass validation.
- If whitelistuser.IsValid Then
- whitelistpass.Validate()
- If whitelistpass.IsValid Then
- MessageLabel.Text = "Thanks for being ethical."
- End If
- End If
- Case "sanitizationbutton"
- MessageLabel.Text = ""
- MessageLabel2.Text = ""
- MessageLabel.Text = "User (sanitized): " & CleanInput(tbUsername.Text)
- MessageLabel2.Text = "Pass (sanitized): " & CleanInput(tbPassword.Text)
- Case "htmlbutton"
- MessageLabel.Text = ""
- MessageLabel2.Text = ""
- MessageLabel.Text = "User (encoded): " & Server.HtmlEncode(tbUsername.Text) & " (Look at source code)"
- MessageLabel2.Text = "Pass (encoded): " & Server.HtmlEncode(tbPassword.Text) & " (Look at source code)"
- 'literaluser.Mode = LiteralMode.Encode
- 'literaluser.Text = tbUsername.Texts
- End Select
- End Sub
- 'SANITIZATION
- Function CleanInput(strIn As String) As String
- ' Replace invalid characters with empty strings.
- Try
- Return Regex.Replace(strIn, "[^\w\.@-]", "")
- ' If we timeout when replacing invalid characters,
- ' we should return String.Empty.
- Catch e As System.TimeoutException
- Return String.Empty
- End Try
- End Function
- End Class
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement